Web Email Migration? Beware Of Unintentional Data Spoliation!

Cloud Email Migration

In today’s litigious society, preserving your company’s data is a must if you (and your legal team) want to avoid hefty fines for data spoliation.

But what about when you move to the cloud?

Of course, you’ve probably thought of this already. You’ll have a migration strategy in place and you’ll carefully select migration vendors to help you get there. All that remains is following the plan, right?

Everything going well, your valuable data will be migrated without a hitch and will be at your fingertips just in case legal or compliance issues arise.

But what if it doesn’t? What if, when you go to pull-up company records, your data is corrupted or not there at all?

That’s when the headache starts. Your legal team starts knocking on your door, compliance officers look to point their fingers at one of your team, and you face a hefty fine for data spoliation.

Oops.

As much as I’d like to say I’m painting a dystopian picture that has very little foothold in reality… that’s just not the case.

Just ask UBS Warburg, West and Phillip Morris.

Now, I’m not an expert on all things data migration, but I do know a thing or two about the backbone of corporate communications: email.

Seemingly innocuous, email is the kind of thing many don’t tend to think much about. You send, receive, agonize over and trash thousands of emails a year. But it’s just email right? How difficult can it be to migrate it to a new cloud service?

The truth is, it’s pretty darn difficult.

Sure, there are lots of email migration vendors out there, waving their hands in the air and jumping up and down saying: “Pick me! Pick me!” (full disclosure: I work for Fookes Software and our product Aid4Mail is right there jumping and waving with the best of them). But how many of them can you really trust?

The fact is, converting email accurately is incredibly complex and we’ve seen very few vendors actually do it well.

Here are just some of the issues we’ve seen come up with poorly converted emails, all of which could result in data spoliation sanctions:

  • Entire folders of emails skipped because of a few special characters in the folder name
  • Unable to render special characters or character based languages (like Chinese, Arabic and Hebrew)
  • Lost attachments
  • Alteration of the SMTP header, this means:
    • Loss of original sent, received and stored dates
    • Loss of email addresses
    • Loss of status information (read, unread etc)
  • Emails being skipped as they’re too large

We even have an example for you:

figure_1

figure_2

And here’s another one:

figure_3

figure_4

So to put this into context, let’s say you produce consumer electronics. You’ve just launched a flagship device after a few years of planning and development. Everyone’s thrilled!

BUT there’s an issue with the battery. It overheats and catches fire in certain circumstances.

A few of your customers’ houses burnt down, a couple of cars caught on fire and around 20 people suffered from burns.

One of the burn victims has leaked some inside information, and now they want to sue you for negligence. The plaintiff is saying you knew about the battery issue and chose not to do anything about so as not to jeopardize the launch.

You’re not worried, you can prove that no one knew anything about it. So, you go back into your archives to pull up all the relevant communication between the project team and your Chinese battery supplier.

That’s when you see that all the emails between the China-based purchasing manager and the battery supplier are all question marks and blank spaces.

The sent date is showing as after the received date and all the emails look like they’re unread.

This, my friends, is data spoliation. Sure it’s not your fault, but you’ll still get sanctioned.

So, what’s the moral of this cautionary tale? Test, test and test again before you choose ANY migration application to move your email to the cloud.

Taking the time now to thoroughly test the application in all scenarios before you commit will pay off in the long run.

By Katie Cullen Montgomerie

Katie is the marketing and communications manager for Fookes Software, the developers of email migration software Aid4Mail.

Hair Loss.png
Byod.png
Holiday Photos.png
Data Fallout.png
Louis
Ransomware continues to grow fast, increasing by 466% in three years. In addition, 57 vulnerabilities exist today with an entire kill chain mapped — from initial access to exfiltration using the MITRE ATT&CK techniques, tactics and procedures (TTPs) ...
Secure
Cloud Vulnerability Scanning Cloud Vulnerability Scanning has become a mandatory process for many organizations in order to identify and mitigate Cloud security risks. However, the term Cloud Vulnerability Scanning can be interpreted in different ways ...
Marcus Schmidt
Microsoft’s Operator Connect Earlier this year, Microsoft announced a new calling service for Microsoft Teams (Teams) users called Operator Connect. IT leaders justifiably want to know how Operator Connect is different from Microsoft’s existing PSTN ...
Gilad David Maayan
What Is Application Dependency Mapping? Modern software development teams use fast-paced DevOps work processes. However, the complexity of modern software applications often gets in the way. A typical enterprise software project has thousands of components, ...
Ronald van Loon
Cloud Transformation Myths Organizations are in the midst of various stages of digital transformation and are searching for the right solutions to help them implement the best strategies and technologies to help them on their ...